Security and IT teams have a difficult time ensuring that their deployed applications and cloud services are up to date and do not have compliance issues such as security vulnerabilities. Presently, there is no good way to track which software libraries (packages) are used in software running throughout the company, which versions of packages are being used, who is using these packages, if there are any compliance issues and how they may be updated/redeployed. The turnaround time for this process is critical as security issues are often reported publicly which gives potential hackers knowledge to infiltrate infrastructure within a company. Common Vulnerability and Exposures (CVEs) reports are examples of publicly available reports. The presence of out of compliance applications and cloud services in an enterprise poses a serious security risk and technical problem for the enterprise.
It is desirable to be able to track the software packages used by an enterprise and statistics about the packages being used. It is further desirable to be able to track which software packages in an enterprise are non-compliant and then update those non-compliant packages. None of the current solutions have all of these desirable characteristics or solve the technical problem identified above. For example, some systems, such as a Conda repository and Artifactory, provide package management and tracking systems, but not the other desirable aspects while CVE and other security reports provide security vulnerability data/reports, but not the other desirable aspects. Furthermore, systems, such as Anaconda Enterprise or Amazon/Google/Microsoft clouds provide platforms to (re)deploy applications and services but again fail to provide the other desirable aspects. Thus, it is desirable to provide a system and a method for remediating and redeploying out of compliance applications and cloud services that has the desirable characteristics identified above and solves the above described technical problem and it is to this end that the disclosure is directed.